VIRY.CZ

Logfile of random's system information tool 1.08 (written by random/random)
Run by Ivušák at 2011-04-29 16:57:37
Microsoft Windows 7 Ultimate
System drive C: has 647 GB (90%) free of 715 GB
Total RAM: 3327 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:57:54, on 29.4.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ivušák\Desktop\RSIT.exe
C:\Program Files\trend micro\Ivušák.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 6981 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-03 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-03 92704]
"WinSys2"=C:\Windows\system32\startup.exe [2008-01-18 57344]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-01-15 500208]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-12-08 74752]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-31 2145000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-09-02 672632]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-04-29 16:57:37 ----D---- C:\rsit
2011-04-29 16:57:37 ----D---- C:\Program Files\trend micro
2011-04-27 08:38:24 ----A---- C:\Windows\system32\XpsPrint.dll
2011-04-27 08:38:22 ----A---- C:\Windows\explorer.exe
2011-04-26 11:10:15 ----D---- C:\Program Files\LightZone 3
2011-04-25 18:47:33 ----D---- C:\ProgramData\ReaConverter
2011-04-25 18:47:22 ----D---- C:\Users\Ivušák\AppData\Roaming\RCP 6
2011-04-16 20:18:54 ----D---- C:\Users\Ivušák\AppData\Roaming\LightZone
2011-04-16 20:18:50 ----D---- C:\Program Files\Common Files\eSellerate
2011-04-13 13:46:48 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-04-13 13:46:48 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-04-13 13:46:48 ----A---- C:\Windows\system32\drivers\srv.sys
2011-04-13 13:46:47 ----A---- C:\Windows\system32\jscript.dll
2011-04-13 13:46:46 ----A---- C:\Windows\system32\vbscript.dll
2011-04-13 13:46:46 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-04-13 13:46:45 ----A---- C:\Windows\system32\atmlib.dll
2011-04-13 13:46:45 ----A---- C:\Windows\system32\atmfd.dll
2011-04-13 13:46:37 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-04-13 13:46:37 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-04-13 13:46:37 ----A---- C:\Windows\system32\dnsapi.dll
2011-04-13 13:46:35 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-04-13 13:46:32 ----A---- C:\Windows\system32\win32k.sys
2011-04-13 13:46:30 ----A---- C:\Windows\system32\mshtml.dll
2011-04-13 13:46:28 ----A---- C:\Windows\system32\ieframe.dll
2011-04-13 13:46:26 ----A---- C:\Windows\system32\urlmon.dll
2011-04-13 13:46:22 ----A---- C:\Windows\system32\wininet.dll
2011-04-13 13:46:21 ----A---- C:\Windows\system32\mstime.dll
2011-04-13 13:46:21 ----A---- C:\Windows\system32\msfeeds.dll
2011-04-13 13:46:21 ----A---- C:\Windows\system32\iedkcs32.dll
2011-04-13 13:46:20 ----A---- C:\Windows\system32\mshtmled.dll
2011-04-13 13:46:20 ----A---- C:\Windows\system32\msfeedssync.exe
2011-04-13 13:46:20 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-04-13 13:46:20 ----A---- C:\Windows\system32\licmgr10.dll
2011-04-13 13:46:20 ----A---- C:\Windows\system32\jsproxy.dll
2011-04-13 13:46:20 ----A---- C:\Windows\system32\ieui.dll
2011-04-13 13:46:20 ----A---- C:\Windows\system32\iertutil.dll
2011-04-13 13:46:20 ----A---- C:\Windows\system32\iepeers.dll
2011-04-13 13:46:18 ----A---- C:\Windows\system32\inetcomm.dll
2011-04-13 13:46:10 ----A---- C:\Windows\system32\mfc42.dll
2011-04-13 13:46:09 ----A---- C:\Windows\system32\mfc42u.dll
2011-04-13 13:46:08 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-04-13 13:46:08 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-04-13 13:46:08 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-04-13 13:46:08 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-04-11 22:24:29 ----D---- C:\ProgramData\ESET
2011-04-11 22:24:29 ----D---- C:\Program Files\ESET

======List of files/folders modified in the last 1 months======

2011-04-29 16:57:50 ----D---- C:\Windows\Temp
2011-04-29 16:57:48 ----D---- C:\Windows\Prefetch
2011-04-29 16:57:37 ----RD---- C:\Program Files
2011-04-29 16:49:08 ----D---- C:\Windows\tracing
2011-04-29 16:40:33 ----D---- C:\Windows\winsxs
2011-04-29 16:40:33 ----D---- C:\Windows\system32\config
2011-04-29 16:39:41 ----D---- C:\Windows\System32
2011-04-29 16:39:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-29 08:44:41 ----SHD---- C:\System Volume Information
2011-04-29 06:50:49 ----D---- C:\Windows
2011-04-28 11:00:29 ----SHD---- C:\Windows\Installer
2011-04-28 08:34:02 ----D---- C:\Windows\debug
2011-04-27 20:27:48 ----D---- C:\Windows\system32\catroot2
2011-04-27 08:38:18 ----D---- C:\Windows\system32\catroot
2011-04-26 19:40:18 ----D---- C:\Users\Ivušák\AppData\Roaming\IObit
2011-04-25 18:47:33 ----HD---- C:\ProgramData
2011-04-25 18:19:36 ----D---- C:\Windows\system32\FxsTmp
2011-04-22 20:36:26 ----D---- C:\Users\Ivušák\AppData\Roaming\uTorrent
2011-04-21 11:04:02 ----D---- C:\Program Files\Common Files\Adobe
2011-04-21 11:03:40 ----D---- C:\Windows\system32\drivers
2011-04-21 11:03:40 ----D---- C:\Windows\inf
2011-04-21 11:03:40 ----D---- C:\Program Files\Common Files\PX Storage Engine
2011-04-21 11:03:34 ----D---- C:\Program Files\Adobe
2011-04-20 21:25:35 ----D---- C:\PROGRAMY
2011-04-18 15:46:44 ----A---- C:\Windows\system32\MRT.exe
2011-04-16 20:19:20 ----SD---- C:\ProgramData\Microsoft
2011-04-16 20:18:50 ----D---- C:\Program Files\Common Files
2011-04-13 16:27:16 ----D---- C:\Windows\Microsoft.NET
2011-04-13 16:27:15 ----RSD---- C:\Windows\assembly
2011-04-13 14:57:20 ----D---- C:\Windows\system32\migration
2011-04-13 14:57:20 ----D---- C:\Program Files\Internet Explorer
2011-04-11 22:19:13 ----D---- C:\ProgramData\AVAST Software
2011-04-11 22:19:11 ----D---- C:\Windows\system32\Tasks
2011-04-04 15:13:29 ----D---- C:\Program Files\rajce

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-04-17 44944]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-03-31 134024]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-03-31 96896]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 KMWDFILTERx86;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-07-23 47360]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2010-10-05 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2010-10-05 14120]
R3 WacomVTHid;Virtual Touch Driver; C:\Windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-03 118784]
R2 TabletServicePen;TabletServicePen; C:\Windows\system32\Pen_Tablet.exe [2009-11-23 4497704]
R2 TouchServicePen;Wacom Consumer Touch Service; C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 416112]
R2 WTouchService;WTouch Service; C:\Program Files\WTouch\WTouchService.exe [2009-11-23 113448]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-12 136176]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-31 33560]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-12 136176]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-06 1343400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Je tam winsys (troják). Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[quote="Rudy"]Je tam winsys (troják). Dejte log z ComboFix.

ComboFix 11-04-30.06 - Ivušák 01.05.2011 21:15:45.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3327.2338 [GMT 2:00]
Spuštěný z: c:\users\Ivušák\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-01 do 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-05-01 19:19 . 2011-05-01 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-29 14:57 . 2011-04-29 14:57 -------- d-----w- C:\rsit
2011-04-29 14:57 . 2011-04-29 14:57 -------- d-----w- c:\program files\trend micro
2011-04-27 06:38 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 06:38 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-04-26 11:34 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EBA6F39-A00A-489C-A522-D7BD26C11F5B}\mpengine.dll
2011-04-26 09:10 . 2011-04-26 09:10 -------- d-----w- c:\program files\LightZone 3
2011-04-25 16:47 . 2011-04-25 16:50 -------- d-----w- c:\programdata\ReaConverter
2011-04-25 16:47 . 2011-04-25 18:12 -------- d-----w- c:\users\Ivušák\AppData\Roaming\RCP 6
2011-04-16 18:19 . 2011-04-16 18:19 -------- d-----w- c:\users\Ivušák\Application Data
2011-04-16 18:18 . 2011-04-26 09:11 -------- d-----w- c:\users\Ivušák\AppData\Roaming\LightZone
2011-04-16 18:18 . 2011-04-16 18:18 -------- d-----w- c:\program files\Common Files\eSellerate
2011-04-11 20:24 . 2011-04-11 20:24 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-28 08:00 . 2011-03-14 14:07 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-19 05:33 . 2011-03-09 10:56 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 10:56 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 10:56 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-13 11:58 . 2011-02-13 11:58 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-02-13 11:58 . 2011-02-13 11:58 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-03 05:45 . 2011-02-09 15:53 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 20:40 . 2010-07-14 20:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2010-06-05 10:38 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-09-02 672632]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 92704]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-01-14 500208]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-07 74752]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 136176]
R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-06 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-31 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-31 96896]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 416112]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-01 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-12-14 15:19]
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 15:26]
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 15:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Ivušák\AppData\Roaming\Mozilla\Firefox\Profiles\u9g3w4ez.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: MyAshampoo Community Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - %profile%\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-05-01 21:20:27
ComboFix-quarantined-files.txt 2011-05-01 19:20
ComboFix2.txt 2011-05-01 19:07
.
Před spuštěním: Volných bajtů: 679 215 828 992
Po spuštění: Volných bajtů: 679 025 274 880
.
- - End Of File - - B2CE6C530852CD774B820E81B7D8A1B2

Otevřte poznámkový blok a zkopírujte do něj:

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkaz ze skriptu.

Rudy píše:Otevřte poznámkový blok a zkopírujte do něj:

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkaz ze skriptu.

A nový log znovu zkopírovaný..totiž, pokud jsem jej sem opět měla umístit..
ComboFix 11-04-30.06 - Ivušák 01.05.2011 22:05:08.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3327.2300 [GMT 2:00]
Spuštěný z: c:\users\Ivušák\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ivušák\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-01 do 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-05-01 20:08 . 2011-05-01 20:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-29 14:57 . 2011-04-29 14:57 -------- d-----w- C:\rsit
2011-04-29 14:57 . 2011-04-29 14:57 -------- d-----w- c:\program files\trend micro
2011-04-27 06:38 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 06:38 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-04-26 11:34 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EBA6F39-A00A-489C-A522-D7BD26C11F5B}\mpengine.dll
2011-04-26 09:10 . 2011-04-26 09:10 -------- d-----w- c:\program files\LightZone 3
2011-04-25 16:47 . 2011-04-25 16:50 -------- d-----w- c:\programdata\ReaConverter
2011-04-25 16:47 . 2011-04-25 18:12 -------- d-----w- c:\users\Ivušák\AppData\Roaming\RCP 6
2011-04-16 18:19 . 2011-04-16 18:19 -------- d-----w- c:\users\Ivušák\Application Data
2011-04-16 18:18 . 2011-04-26 09:11 -------- d-----w- c:\users\Ivušák\AppData\Roaming\LightZone
2011-04-16 18:18 . 2011-04-16 18:18 -------- d-----w- c:\program files\Common Files\eSellerate
2011-04-11 20:24 . 2011-04-11 20:24 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-28 08:00 . 2011-03-14 14:07 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-19 05:33 . 2011-03-09 10:56 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 10:56 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 10:56 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-13 11:58 . 2011-02-13 11:58 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-02-13 11:58 . 2011-02-13 11:58 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-03 05:45 . 2011-02-09 15:53 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 20:40 . 2010-07-14 20:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2010-06-05 10:38 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-09-02 672632]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 92704]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-01-14 500208]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-07 74752]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 136176]
R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-06 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-31 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-31 96896]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 416112]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-01 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-12-14 15:19]
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 15:26]
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 15:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Ivušák\AppData\Roaming\Mozilla\Firefox\Profiles\u9g3w4ez.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: MyAshampoo Community Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - %profile%\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-05-01 22:09:40
ComboFix-quarantined-files.txt 2011-05-01 20:09
ComboFix2.txt 2011-05-01 19:20
ComboFix3.txt 2011-05-01 19:07
.
Před spuštěním: Volných bajtů: 678 901 661 696
Po spuštění: Volných bajtů: 678 849 921 024
.
- - End Of File - - F487D7DC76D57BCBC4B96DA3145C6967

Log již vypadá čistý.

Rudy píše:Log již vypadá čistý.

mockrát děkuju!!!!!

Rádo se stalo!

Rudy píše:Rádo se stalo!

....zapnula jsem aktualizace Windows a aktivovala Nod. Večer jsem sedla k počítači, opět nabíhal dlouho, následovala hláška, že se aktualizace nezdařila. Ale obrazovka pak naskočila a vše se tváří normálně. Kromě mě. Co mám dělat, prosím

Aktualizace čeho? NODu, nebo systému?

Rudy píše:Aktualizace čeho? NODu, nebo systému?

Systému.
Při zapnutí pc: Nevypínejte ani neaktualizujte počítač. Probíhá instalace aktualizace 1 z 3..
Při vypínání pc: Probíhá konfigurace aktualizace systému windows. Dokončeno 0%. Nevypínejte počítač.
Nabíhá tak cca 5 minut..A pak naskočí: Konfigurace aktualizace se nezdařila. Vracení změn.

Zkuste odinstalovat poslední aktualizace a nechat systém znovu načíst aktualizace na serveru MS. Celý proces se zopakuje, doufejme, bez chyb.

Rudy píše:Zkuste odinstalovat poslední aktualizace a nechat systém znovu načíst aktualizace na serveru MS. Celý proces se zopakuje, doufejme, bez chyb.

tak pokud to dělám dobře, a provádí se to v programech a funkcích, jak asi daleko dozadu, myslím datem, to mám odinstalovat?
A jde o soubory nazvané Aktualizace zabezpečení pro Microsoft nebo Aktualizovat pro Microsoft...?
Mažu je odhadem 14 dní zpět, bude stačit?


Po odmazání a následném restartu už počítač naběhl poměrně rychle, aktualizoval Windows během pár vteřin, vypadá to nadějně.
Děkuji znovu, pane Šikovný..co bychom si my, talenti, bez vašeho serveru počali..Koukejte si za to nechat pořádně platit!! Srdečné díky, Iva

Odinstalujte Aktualizace zabezpeční. 14 dnů by mělo stačit. Rádo se stalo!

Rudy píše:Odinstalujte Aktualizace zabezpeční. 14 dnů by mělo stačit. Rádo se stalo!

Bohužel
Počítač se ráno probouzel opět asi 5 minut...Přejít na tužku a papír?

Kolem druhé mi pc hlásí přesuntí tojana do karantény. Takže tam nějakou tu potvoru mám stále. Prosím o radu..